Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
Discussions Rules and Guidelines
Report this post
follow this guide
1. Scan for malware https://www.malwarebytes.com/
2. Deactivate all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your mobile app https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)
Hi, thanks for writing my pc is completly clean, no malware, i havent visited any fishey websites, but ill be sure to change my passwords
Do ALL the steps provided.
Accounts are PHISHED because the end user gave away all their account details.
The account name, the password and the KEY to the door, the Steam Guard Mobile code, or scanning the QR code or authorising via fingerprint giving them access to the account.
How? by either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, you have a pending ban scam on Discord, free knife click the link, signing in through a fake login window etc.
How does Steam (a program) know it is not you when all the account details are correct? It doesn't, therefore any action taken on your account is seen as you doing said actions.
The alternative is not plausible:
1) Someone would have to "GUESS" your account name from "millions of possible combinations".
2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".
3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access your account.
The weakest link is the end user, not the security offered.
1. You either got infected and had malware steal your active session, which means steam thinks it is your own doing. (Or you logged in on another infected machine)
2. You entered your login + Steam Guard code somewhere you were not supposed to. (Scanning the QR code to login does the same)
3. Someone else has/had physical access to your devices. (Or you forgot to logout after being in an internet café etc.)
You can't deny all 3 of these, it's impossible to get into your account otherwise.
Stolen wallet or items that way will not be refunded, as it is the users responsibility to make sure their accounts are safe.
Which is highly unlikely, as you see, account won't just leak themselves. There is no super hacker hacking steam database, nor there is a data breach. So the leak came from you.